Use this quick start guide to collect all the information about EXIN PDPF Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the EXIN Privacy and Data Protection Foundation (PDPF) exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual EXIN Privacy and Data Protection Foundation certification exam.
The EXIN PDPF certification is mainly targeted to those candidates who want to build their career in Data Protection and Security domain. The EXIN Privacy and Data Protection Foundation exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of EXIN Privacy and Data Protection.
EXIN PDPF Exam Summary:
| Exam Name | EXIN Privacy and Data Protection Foundation |
| Exam Code | PDPF |
| Exam Price | $262 (USD) |
| Duration | 60 mins |
| Number of Questions | 40 |
| Passing Score | 65% |
| Schedule Exam | Pearson VUE |
| Sample Questions | EXIN PDPF Sample Questions |
| Practice Exam | EXIN PDPF Certification Practice Exam |
EXIN Privacy and Data Protection Exam Syllabus Topics:
| Topic | Details | Weights |
|---|---|---|
Privacy & Data Protection Fundamentals and Regulations - 47.5% |
||
| Definitions |
The candidate can… - define privacy. - relate privacy to personal data and data protection. - describe the context of Union and Member state law |
7.5% |
| Personal data |
The candidate can… - define personal data according to the GDPR. - make a distinction between personal data and special categories of data, like sensitive personal data. - describe the data subject’s rights regarding personal data. - define processing of personal data that falls within the scope of the GDPR. - list the roles, responsibilities and stakeholders in the GDPR. |
17.5% |
| Legitimate grounds and purpose limitation |
The candidate can… - list the six legitimate grounds for processing. - describe the concept of purpose limitation. - describe proportionality and subsidiarity. |
5% |
| Further requirements for legitimate processing of personal data |
The candidate can… - describe the requirements for legitimate data processing. - describe the purpose of personal data processing. - explain the principles relating to processing of personal data. |
5% |
| Rights of data subjects |
The candidate can… - describe the rights regarding data portability and the right of inspection. - describe the right to be forgotten. |
2.5% |
| Personal data breach and related procedures |
The candidate can… - describe the concept of personal data breach. - explain procedures on how to act when a personal data breach occurs. - give examples of categories of personal data breaches. - describe the difference between a security breach (incident) and a personal data breach. - list relevant stakeholders that should be informed in case of a personal data breach |
10% |
Organizing data protection - 35% |
||
| Importance of data protection for the organization |
The candidate can… - list the different types of administration (GDPR Article 28 & Article 30). - indicate what activities are required to comply with the GDPR. - define data protection by design and by default. - give examples of personal data breaches. - describe the personal data breach notification obligation as laid down in the GDPR. - describe enforcement of the rules by issuing penalties including administrative fines. |
12.5% |
| Supervisory authority |
The candidate can… - describe the general responsibilities of a supervisory authority. - describe the role and responsibilities of a supervisory authority related to personal data breaches. - describe how a supervisory authority contributes to the application of the GDPR. |
7.5% |
| Personal data transfer to third countries |
The candidate can… - describe the regulations that apply to data transfer inside the EEA. - describe the regulations that apply to data transfer outside the EEA. - describe the regulations that apply to data transfer between the EEA and the USA. |
7.5% |
| Binding corporate rules and data protection in contracts |
The candidate can… - describe the concept of binding corporate rules (BCR). - describe how data protection is formalized in contracts between the controller and the processor. - describe the clauses of such a contract. |
7.5% |
Practice of data protection - 17.5% |
||
| Data protection by design and by default related to information security |
The candidate can… - describe the benefits of data protection by design and by default. - describe the seven principles of data protection by design |
5% |
| Data Protection Impact Assessment (DPIA) |
The candidate can… - outline what a DPIA covers and when to do a DPIA. - mention the eight objectives of a DPIA. - list the topics of a DPIA report. |
5% |
| Personal data in use |
The candidate can… - describe the purpose of data lifecycle management (DLM). - explain data retention and minimization. - describe what a cookie is and what its purpose is. - describe the right to object to the processing of personal data for the purpose of direct marketing, including profiling. |
7.5% |
To ensure success in EXIN Privacy and Data Protection certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for EXIN Privacy and Data Protection Foundation (PDPF) exam.